Analysis
-
max time kernel
37s -
max time network
10s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
15-04-2021 15:57
General
-
Target
d6904948ae99d7bf84e6af9a978c3ae6.dll
-
Size
666KB
-
MD5
d6904948ae99d7bf84e6af9a978c3ae6
-
SHA1
a272ccd04db93604874c8606e4f41ad8bb212540
-
SHA256
938f890613dc8526bb828c3de5d5c612b7c13515062fb6ca15f8abc1424f2835
-
SHA512
dbae64e1d607c23e5779fcd3da5e8e1f8348d324b68097758d07ca31a7778d5a22ae701d5999d324063095b61c30cc34a8ca2754dc878d4f87e94cbe72f387b6
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
nut
Campaign
13/04
C2
https://jiaayanu.com/post.php
https://investinszeklerland.eu/post.php
https://iqs-sac.com/post.php
https://jciems.in/post.php
https://jinnahofficersschool.com/post.php
https://kancagh.com/post.php
rc4.plain
rsa_pubkey.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d6904948ae99d7bf84e6af9a978c3ae6.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d6904948ae99d7bf84e6af9a978c3ae6.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1864-60-0x0000000000000000-mapping.dmp
-
memory/1864-61-0x0000000075041000-0x0000000075043000-memory.dmpFilesize
8KB
-
memory/1864-63-0x00000000744C0000-0x0000000074588000-memory.dmpFilesize
800KB
-
memory/1864-62-0x00000000744C0000-0x00000000744EB000-memory.dmpFilesize
172KB
-
memory/1864-64-0x00000000000C0000-0x00000000000C1000-memory.dmpFilesize
4KB